CR · Feb 20, 2017

Survey of Automated Vulnerability Detection and Exploit Generation Techniques in Cyber Reasoning Systems

arXiv:1702.06162v4 · 36 citations
Originality: Synthesis-oriented
AI Analysis

It provides a comprehensive review of state-of-the-art methods for automated vulnerability detection and exploit generation, which is crucial for improving software security in critical systems, but is incremental as it synthesizes existing research.

This paper surveys automated vulnerability detection and exploit generation techniques, focusing on the winning systems Mayhem and Mechanical Phish from the DARPA Cyber Grand Challenge, to address the need for scalable and effective binary analysis in cybersecurity.

Software is everywhere, from mission-critical systems such as industrial power stations and pacemakers to household appliances. This growing dependence on technology and the increasing complexity of software have serious security implications, as they mean we are potentially surrounded by software that contains exploitable vulnerabilities. These challenges have made binary analysis an important area of research in computer science and have emphasized the need for building automated analysis systems that can operate at scale, speed and efficacy, all while performing with the skill of a human expert. Though great progress has been made in this area of research, there remain limitations and open challenges to be addressed. Recognizing this need, DARPA sponsored the Cyber Grand Challenge (CGC), a competition to showcase the current state of the art in systems that perform automated vulnerability detection, exploit generation and software patching. This paper is a survey of the vulnerability detection and exploit generation techniques, underlying technologies and related works of two of the winning systems, Mayhem and Mechanical Phish.
